It’s hard to believe that the social-engineer.org project began 14 months ago. This project started from a simple idea to build the world’s first framework for social engineers. In these 14 months, this project has grown into the leading resource for all real social engineering education. The CTF that…
An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.
In essence, this vulnerability allows an attacker to send malicious JavaScript to a non suspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy web interface, an attacker can acquire a your session information and log to the account with no credentials.All Godaddy workspace users, ph33r.
Aloha Offsec students! You’ve been slapped around by Bob, abused by Nicky and crushed by NNM. Just as you thought it was over, Offensive Security now comes up with a brand new type of pain. This one is for all your hardcore exploit developers out there, who want a real challenge – an Offsec “Exploit Weekend”.
Penetration Testing with BackTrack – There has been a lot of focus on high quality training for security professionals lately in the news. Even the US Government has issued statements about the need for security training to be different in the market today. Much of their research has led them to say that a real-world, hands-on approach to training is more effective than the typical multiple choice training that is out there.
The “new” Insecure Library Loading vulnerability (2269637) in action… The Metasploit team has added a exploit module for this vulnerability. Check it out.
Each year companies lose millions in security breaches. High quality Information Security Awareness is probably one of the most important remedies for these attacks. For a long time we have held to the thought that the human element is the weakest link in the chain, and the Social Engineering Contest at Defcon 18 really drove the point through.
The Offsec crew is back from BlackHat and Defcon, alive and well. The PWB and AWE trainings were a blast and the crowd was awesome. The BackTrack R1 BlackHat edition release went well, with over 5500 DVDs distributed. We thank everyone who came to our booth – it was nice to put a face to some of those names…
A great start for our EDB DEV group. Last week we dug into some published HP vulnerabilities, and came out with 3 exploits which were published this week. Our highlight this week is an awesome writeup about a OSX ROP Exploit case study by didn0t. Check it out!
Exciting times here at Offensive Security. Two of our most major projects are off to new and amazing directions – BackTrack and the Exploit Database. The BackTrack development team is now officially funded by Offensive Security, bringing a new era of a high quality penetration testing distribution. In addition, the EDB has started a new R&D initiative which will result in some interesting blog posts.
Are you looking for a real Social Engineering CTF challenge? Join Social-Engineer.Org and Offensive Security in the Official Social Engineering CTF hosted at Defcon 18.
Offsec has teamed up with the crew at Hackers For Charity and the world’s premier Hacker Con – BlackHat, to provide another amazing cyber hacking challenge.
In the past couple of years, the economy has struck hard on organizations seeking to educate their employees. Training budgets have been cut down, and choosing the right course that will give you real Return on Investment is not an easy job. This is especially true in the offensive Information…
BlackHat Offensive Security Training Courses are selling out…sign up quick! To all those who signed up – we’ve got some special things planned for you, you’re definitely in for a ride. Thanks for flying Offsec.
The Offensive Security team is excited to announce the release date of v3.0 of the Pentesting With BackTrack Course. On March 21, 2010 the course will be made live. The team has worked overtime to ensure the videos and labs are better than ever. With new modules, more in depth…
For the past few months, Offensive Security has been working with additional exploit addicts (Rel1k) at maintaining the integrity of the Milw0rm exploit archive. For those who don’t know, Milw0rm has been dormant in the past few weeks, for reasons which remain with str0ke (he is alive, healthy and well…
